From ab518cfb0cc37f953e0d8c341b1a466813e19355 Mon Sep 17 00:00:00 2001
From: Folkert de Vries <folkert@folkertdev.nl>
Date: Wed, 11 Dec 2024 11:32:39 +0100
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..b29829a0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+Security policy
+===============
+
+**Do not report security vulnerabilities through public GitHub issues.**
+Instead, you can report security vulnerabilities using [our security page].
+Please include as much of the following information as possible:
+ * Type of issue (e.g. buffer overflow, privilege escalation, etc.)
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * If applicable, which platforms are affected
+ * Step-by-step instructions to reproduce the issue
+ * Impact of the issue, including how an attacker might exploit the issue
+## Preferred Languages
+We prefer to receive reports in English. If necessary, we also understand Dutch and Frisian.
+## Disclosure Policy
+We adhere to the principle of [coordinated vulnerability disclosure].
+
+Security Advisories
+===================
+Security advisories will be published on our [github advisories page] and
+possibly through other channels.
+
+[our security page]: https://github.com/trifectatechfoundation/bzip2-rs/security
+[coordinated vulnerability disclosure]: https://vuls.cert.org/confluence/display/CVD/Executive+Summary
+[github advisories page]: https://github.com/trifectatechfoundation/libbzip2-rs/security/advisories